Lucene search
K

85 matches found

CNVD
CNVD
added 2015/09/28 12:0 a.m.5 views

IBC Solar ServeMaster Plain Text Password Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A plain text password vulnerability exists in ServeMaster TLP+ and Danfoss TLX Pro+. An attacker can exploit this vulnerability to obtain a plain text password by viewing the web page source code...

5CVSS7AI score0.01359EPSS
Exploits0References1
ICS
ICS
added 2015/06/25 6:0 a.m.82 views

IBC Solar ServeMaster Source Code Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified three vulnerabilities in IBC Solar products. The vulnerabilities are disclosure of applications source code, plain text passwords, and cross site scripting. IBC Solar has not produced a patch to mitigate these vulnerabilities. These...

5CVSS6.5AI score0.01359EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2014/12/24 9:55 a.m.13 views

HP's Zero Day Initiative Changes Bug-Buying Guidelines

HP’s Zero Day Initiative has decided to adjust its guidelines and criteria or buying some vulnerabilities in the future, eliminating some large classes of bugs from its menu. The group, which has been among the more visible and prominent of the vulnerability purchasing programs since its inceptio...

1.6AI score
Exploits0References2
ICS
ICS
added 2014/09/11 6:0 a.m.51 views

Trihedral Engineering Limited VTScada Integer Overflow Vulnerability

OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified an integer overflow vulnerability in Trihedral Engineering Ltd’s VTScada application. Trihedral Engineering Limited has produced a patch that mitigates this vulnerability. This vulnerability could be exploited...

7.8CVSS6.9AI score0.02694EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2014/07/18 8:0 p.m.20 views

New Variant of Havex Malware Scans for OPC Servers at SCADA Systems

At the beginning of the month, we have reported about the new surge of a Stuxnet-like malware “Havex”, which was previously targeting organizations in the energy sector, had been used to carry out industrial espionage against a number of companies in Europe and compromised over 1,000 European and...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2014/07/01 10:56 p.m.11 views

Dragonfly Russian Hackers Target 1000 Western Energy Firms

Gone are the days when cyber criminals focuses only on PCs to spread malwares and target people, whether it’s ordinary or a high profile person. Nowadays, organizations in the energy sector have become an interesting target for cyber minds. Few days ago, security researchers uncovered a...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2014/06/26 5:16 a.m.14 views

Stuxnet-like 'Havex' Malware Strikes European SCADA Systems

Security researchers have uncovered a new Stuxnet like malware, named as “Havex”, which was used in a number of previous cyber attacks against organizations in the energy sector. Just like Famous Stuxnet Worm, which was specially designed to sabotage the Iranian nuclear project, the new trojan...

7.4AI score
Exploits0
ICS
ICS
added 2014/06/19 6:0 a.m.49 views

Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. Independent researcher Aditya Sood has identified a weak hashing algorithm...

6.7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2014/05/21 10:31 a.m.8 views

ICS-CERT Confirms Public Utility Compromised Recently

Attackers recently compromised a utility in the United States through an Internet-connected system that gave the attackers access to the utility’s internal control system network. The utility, which has not been named, had remote access enabled on some of its Internet-connected hosts and the...

0.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/04/21 1:49 p.m.7 views

OpenICS ICS Protocol Decoder Builds Data Dictionaries

Industrial control system security has been called archaic, laughable and even non-existent. Most ICS and SCADA systems weren’t built with the Internet in mind, much less security, but yet they are at the forefront of manufacturing, building automation and critical infrastructure operations...

7AI score
Exploits0References4
ICS
ICS
added 2014/01/18 7:0 a.m.37 views

Siemens SINEMA Vulnerabilities

OVERVIEW Siemens has identified vulnerabilities in SINEMA server. Siemens has produced a software update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens product is affected: SINEMA server: all versions prior to V12 S...

9.3CVSS7.8AI score0.04243EPSS
Exploits3References10
ThreatPost
ThreatPost
added 2014/01/09 10:58 a.m.9 views

Siemens Fixes Authentication Bugs in Scalance X-200 Switches

Researchers have discovered two serious vulnerabilities in industrial Ethernet switches manufactured by Siemens that could enable attackers to perform unauthorized actions on the switches without authentication. One of the bugs allows attackers to hijack Web sessions and the other enables them to...

1.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/09/23 3:24 p.m.8 views

ICS Vendor Fixes Hard-Coded Credential Bugs Nearly Two Years After Advisory

Nearly two years after a security researcher published details of the hard-coded credentials that ship with a slew of industrial control system products made by Schneider Electric, the company has released updated firmware that fix the problems. The vulnerabilities, which were discovered by...

7.7AI score
Exploits0References4
ICS
ICS
added 2013/05/22 6:0 a.m.49 views

Sixnet Universal Protocol Undocumented Function Codes (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-231-01A Sixnet Universal Protocol Undocumented Function Codes that was published August 26, 2013, on the ICS-CERT Web page. --------- Begin Update B Part 1 of 1 -------- Researchers Kyle Stone and Mehdi Sabraoui...

10CVSS7AI score0.03937EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2012/12/26 3:40 p.m.9 views

Stuxnet is Back ! Iran reported another cyber attack

Iran claims to have repelled a fresh cyber attack on its industrial units in a southern province. In the last few years, various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be designed and staged by the US and Israel. A powe...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2012/12/26 4:40 a.m.11 views

Stuxnet is Back ! Iran reported another cyber attack

Iran claims to have repelled a fresh cyber attack on its industrial units in a southern province. In the last few years, various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be designed and staged by the US and Israel. A powe...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2012/12/17 4:20 p.m.13 views

Hunting vulnerabilities in SCADA systems, we are still too vulnerable to cyber attacks

Stuxnet case is considered by security expert the first concrete act of cyber warfare, a malware specifically designed to hit SCADA systems inside nuclear plants in Iran. The event has alerted the international security community on the risks related to the effects of a cyber attack against...

7.7AI score
Exploits0
ThreatPost
ThreatPost
added 2012/11/16 2:19 p.m.34 views

Embedded Systems, Critical Infrastructure 'Renovation' Outpacing Security

Scott Tousley, deputy director cybersecurity division at Department of Homeland Security Science & Technology, is an advocate of integrating cybersecurity education into all disciplines of IT and business and risk management. “We don’t want to teach cybersecurity as a stovepipe, but to do it so...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2012/10/29 1:12 p.m.13 views

DHS Warns ICS, SCADA Owners About Increase in Malicious Activity

An alert from the Department of Homeland Security late last week urges private- and public-sector industrial control system ICS owners to be proactive in auditing the security, particularly, authentication controls of their systems. The alert is in response to a growing concern over the number of...

0.2AI score
Exploits0References6
Metasploit
Metasploit
added 2012/06/05 6:50 p.m.49 views

Modbus Version Scanner

This module detects the Modbus service, tested on a SAIA PCD1.M2 system. Modbus is a clear text protocol used in common SCADA systems, developed originally as a serial-line RS232 async protocol, and later transformed to IP, which is called ModbusTCP. This module requires Metasploit:...

6.9AI score
Exploits0
Rows per page
Query Builder